The second activity you must master to maintain your DCs
proactively is performance management. When you use proper installation
and creation procedures, your DCs should just work. Remember that the
Domain Controller role is now in its fifth iteration since it appeared
in Microsoft Windows NT, and it has evolved with each release of the
Microsoft server operating system. This means that it is now a very solid and stable
service.
However, you’ll find that despite this stability, things can still
go wrong, whether they are related to system or human errors. And when
they do, you need to be ready to identify the issues quickly and take
appropriate steps to correct the situation. When you perform proactive
performance management, you are forewarned when untoward events might
occur.
1. Managing System Resources
Windows Server includes several tools that help identify
potential issues with system resources. When systems are not
configured properly and are not assigned appropriate resources such as
CPU, RAM, or disk space, systems monitoring helps you identify where
bottlenecks occur. After you identify these bottlenecks, you assign
additional resources to the system. If the system is physical, this
most often means shutting down the system, installing new resources
(for example, additional memory chips), and restarting the system. If
the system is virtual, you might be able to allocate new resources
while the virtual machine is still running, depending on the
virtualization engine you use. If not, shut it down, allocate new
resources (for example, an additional CPU and additional RAM), and
restart it. After the system is restarted, monitor its performance
again to identify whether the new resources solved the
problem.
The tools you can rely on to identify performance bottlenecks in
Windows Server 2008 R2 include:
- Task Manager, which displays current system resource usage.
- Event Viewer, which logs specific events, including
  performance-related events.
- Reliability Monitor, which tracks changes brought to the
  system, allowing you to identify whether a change
  could be the cause of a new bottleneck.
- Performance Monitor, which collects data in either real time
  or at specific intervals to identify potential issues.
- Windows System Resource Manager (WSRM), which can be used to
  profile specific applications to indicate which resources they
  need at which time. You can also use it to manage application
  resource allocation based on the profiles you generate.
You can use other tools as well, such as Microsoft System Center
Operations Manager, to monitor the state of a system continuously and
automatically correct well-known issues. Operations Manager relies on
custom management packs to monitor specific applications.
The simplest of all tools to use is Task Manager. This tool provides real-time system
status information and covers several key aspects of a system’s
performance, including:
- Running applications
- Running processes
- Running services
- Performance, including CPU and memory usage
- Networking, including network interface card (NIC) utilization
- Currently logged-on users
You can access Task Manager in a variety of ways, the most
common of which is to right-click the taskbar and click Task
Manager. Another common method is to use the Ctrl+Alt+Delete key
combination and click Task Manager when the menu choices appear. For
example, this is how you would access Task Manager on Server Core
because it does not include a taskbar. You can also type Taskmgr.exe at the Command Prompt.
When you need information regarding system performance, the
Performance tab, shown in Figure 1, is the most
useful tab. This tab displays complete information about your
system’s key resource usage. It details physical and kernel memory
usage. This tab also includes a button that gives you access to
Resource Monitor. Clicking this button launches
Resource Monitor while keeping Task Manager open.
Resource Monitor is a super Task Manager
because it brings together the CPU, disk, memory, and network usage
graphs in a single view. (See Figure 2.) In addition,
it includes expandable components for each resource, displaying
details of each component so that you can identify which processes
might be the culprit if issues are evident. These two tools are
ideal for on-the-spot verification of resource usage. You should
rely on them if you need to identify immediately whether something
is wrong with a server.
For example, if the system does not have enough memory, you
immediately see that memory usage is constantly high. In this case,
Windows is forced to use on-disk virtual memory and must swap or
page memory contents constantly between physical and virtual memory.
Constant paging is a typical issue that servers with insufficient
physical memory face and is often indicated by slow system behavior.
One good indicator of insufficient memory is slow Server Manager operation.
Working with Event Viewer
The Windows event logs, which you can explore using Event Viewer, are
another excellent indicator of system health. Windows maintains several event logs to
collect information about each of the services running on a server.
By default, these include the Application, Security, Setup, System,
and Forwarded Events logs, all located in the Windows Logs folder.
However, on a DC, you also have additional logs that are
specifically related to AD DS operation. These are located in the
Applications and Services Logs folder and include:
- DFS Replication, which is available in domains and
  forests operating in Windows Server 2008 R2 functional level. If
  you are running your domains or forests in one of the earlier
  modes, the log is for the FRS replication service.
- Directory Service, which focuses on the operations
  that are specifically related to AD DS.
- DNS Server, which lists all events related to the
  naming service that supports AD DS operation.
However, one of the best features of Event Log is related to Server Manager. Because it
acts as the central management location for each of the roles
included in Windows Server 2008 R2, Server Manager provides custom
log views that percolate all the events related to a specific server
role. For example, if you click the Active Directory Domain Services
role, Server Manager provides a log view that includes, among other
things, a summary view of key events related to this service, shown
in Figure 3.
Event Log lists three types of events: Information, Warning,
and Error. By default, the Summary view displayed under the server
role lists Errors with a high priority, Warnings with a medium
priority, and Information messages with the lowest priority.
Therefore, Errors always appear at the top of the summary, alerting
you immediately if there is an issue with your system. To drill down
and see the event details, either double-click the event itself or
move to the Event Viewer section under the Diagnostics node of the
tree pane in Server Manager.
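The same errors-first summary can be produced from the command line. The following PowerShell is an added example, not code from the original text; the function name `Get-DcEventSummary`, the helper `New-SampleEvent`, and the sample records are assumptions made for illustration, while the log names are the ones listed above.

```powershell
# Added example. Summarizes Error and Warning events from the AD DS-related
# logs, ordered the way the role summary view orders them (errors first).
function Get-DcEventSummary {
    param(
        [object[]]$Events,      # pre-collected events; omit to query the local DC
        [int]$Hours = 24        # look-back window for the live query
    )
    if (-not $Events) {
        $filter = @{
            LogName   = 'Directory Service', 'DNS Server', 'DFS Replication'
            Level     = 2, 3    # 2 = Error, 3 = Warning
            StartTime = (Get-Date).AddHours(-$Hours)
        }
        # Get-WinEvent raises an error when nothing matches; treat that as "no events".
        $Events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    }
    if (-not $Events) { return }

    # One row per log / level / event ID, with a count and the latest occurrence.
    $Events | Group-Object LogName, Level, Id | ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        New-Object PSObject -Property @{
            Log      = $latest.LogName
            Level    = $latest.Level
            Id       = $latest.Id
            Count    = $_.Count
            LastSeen = $latest.TimeCreated
        }
    } | Sort-Object Level, @{ Expression = 'Count'; Descending = $true } |
        Select-Object Log, Level, Id, Count, LastSeen
}

# Constructed sample records so the function can be tried off a DC.
# The event IDs are illustrative placeholders and carry no meaning.
function New-SampleEvent([string]$Log, [int]$Level, [int]$Id, [int]$MinutesAgo) {
    New-Object PSObject -Property @{
        LogName = $Log; Level = $Level; Id = $Id
        TimeCreated = (Get-Date).AddMinutes(-$MinutesAgo)
    }
}
$sample = @(
    (New-SampleEvent 'Directory Service' 3 9001 50),
    (New-SampleEvent 'Directory Service' 3 9001 20),
    (New-SampleEvent 'DNS Server'        2 9002 35),
    (New-SampleEvent 'DFS Replication'   2 9003 90),
    (New-SampleEvent 'DFS Replication'   2 9003 10)
)
Get-DcEventSummary -Events $sample | Format-Table -AutoSize

# On a DC, query the live logs instead:
# Get-DcEventSummary -Hours 48 | Format-Table -AutoSize
```

Sorting on the numeric level puts errors (2) ahead of warnings (3), so a recurring error rises to the top of the output.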
Events provide much more information in Windows Server 2008 R2
and Windows 7 than ever before. In previous versions of Windows,
events were arcane items that provided very little information about
an issue. Today, you get a full explanation of an event in
Event Viewer, and you can link to an online database
maintained by Microsoft for each event. You can look up an event in
this database by clicking the Event Log Online Help link in the event’s Properties
dialog box. You are prompted to send information about the event to
Microsoft. Click Yes if you want information specifically about this
event.
This database does not provide information about every event
in Windows, but it covers the most frequently viewed events. You can
also use third-party event log databases to view information about
events.
The more you know about Windows events, the easier it will be
to deal with issues. You can rely on the Microsoft online event
database and free third-party event databases, and you can
supplement this information with online searches by using tools such
as Windows Live Search to locate information about an issue.
Searching on the event ID returns the most results.
Working with Windows Reliability Monitor
Another useful tool to identify potential issues on a system
is Reliability Monitor. This tool, located under the
Diagnostics\Reliability and Performance\Monitoring Tools node in
Server Manager, tracks changes made to a system. Each
time a change is performed on the system, it is logged in
Reliability Monitor. (See Figure 4.) Tracked
changes include system changes, software installs or uninstalls,
application failures, hardware failures, and Windows
failures.
If an issue arises, one of the first places you should check
is Reliability Monitor because it tracks every change to your system
and reveals what might have happened to make your system
unresponsive. For example, if the change is a new driver for a
device, it might be a good idea to roll back the device installation
to see whether the system becomes more responsive. Check
Reliability Monitor whenever an issue affecting performance arises
on a server.
Working with Windows Performance Monitor
Sometimes problems and issues are not immediately
recognizable, requiring further research to identify them. In such
cases, you need to rely on Performance Monitor. This tool, located
under the Diagnostics\Reliability and Performance\Monitoring Tools
node in Server Manager, tracks performance data on a system. You use
Performance Monitor to track particular system components either in
real time or on a scheduled basis.
If you are familiar with previous versions of Windows Server,
you’ll quickly note that Windows Server 2008 R2 Performance Monitor
brings together several tools that you might be familiar with:
Performance Logs And Alerts, Server Performance Advisor, and System
Monitor. If you are new to Windows Server with the 2008 R2 release,
you’ll quickly find that when it comes to performance management and
analysis, Performance Monitor is the tool to use. Using Performance
Monitor, you create interactive collections of system counters or
create reusable data collector sets. Performance Monitor is part of
Windows Reliability And Performance Monitor (WRPM).
Table 1 describes each of
the tools in WRPM that support performance monitoring and the access
rights required to work with them.
Table 1. WRPM Tools and Access Rights
| TOOL | DESCRIPTION | REQUIRED MEMBERSHIP |
|---|---|---|
| Monitoring Tools, Performance Monitor | For viewing performance data in real time or from log files. The performance data can be viewed in a graph, histogram, or report. | Local Performance Log Users group |
| Monitoring Tools, Reliability Monitor | For viewing the system stability and the events that affect reliability. | Local Administrators group |
| Data collector sets | Groups data collectors into reusable elements that can be used to review or log performance. Contains three types of data collectors: performance counters, event trace data, and system configuration information. | Local Performance Log Users group with the Log On As A Batch Job user right |
| Reports | Includes preconfigured performance and diagnosis reports. Can also be used to generate reports from data collected using any data collector set. | Local Performance Log Users group with the Log On As A Batch Job user right |
Windows Server 2008 R2 includes a new built-in group called
Performance Log Users, which allows server administrators who are
not members of the local Administrators group to perform tasks
related to performance monitoring and logging. For this group to
be able to initiate data logging or modify data collector sets, it
must have the Log On As A Batch Job user right. Note that this user
right is assigned to this group by default.
In addition, Windows Server 2008 R2 creates custom Data Collector Set templates when a role is installed.
These templates are located under the System node of the Data Collector Sets node of WRPM.
For example, with the AD DS role, four collector sets are
created:
- The Active Directory Diagnostics set collects data
  from registry keys, performance counters, and trace events related to AD DS
  performance on a local DC.
- The LAN Diagnostics set collects data from network
  interface cards, registry keys, and other system hardware to
  identify issues related to network traffic on the local DC.
- The System Diagnostics set collects data from local
  hardware resources to generate data that helps streamline
  system performance on the local DC.
- The System Performance set focuses on the status of
  hardware resources and system response times and processes on
  the local DC.
Of the four, the most useful for AD DS is the first. This
should be the data set you rely on the most. You can create your own
personalized data set. If you do, focus on the items in Table 2 as the
counters you should include in your data set.
Table 2. System Monitor Common Counters for AD DS
| COUNTER | DESCRIPTION | REASON |
|---|---|---|
| Network Interface: Bytes Total/Sec | Rate at which bytes are sent and received over each network adapter, including framing characters. | Track network interfaces to identify high usage rates per NIC. This helps you determine whether you need to segment the network or increase bandwidth. |
| Network Interface: Packets Outbound Discarded | Number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent transmission. | Long queues of items indicate that the NIC is waiting for the network and is not keeping pace with the server. This is a bottleneck. |
| NTDS: DRA Inbound Bytes Total/Sec | Total bytes received through replication. It is the sum of both uncompressed and compressed data. | If this counter does not have any activity, it indicates that the network could be slowing down replication. |
| NTDS: DRA Inbound Object Updates Remaining In Packet | Number of object updates received through replication that have not yet been applied to the local server. | The value should be low on a constant basis. High values show that the server is not capable of adequately integrating data received through replication. |
| NTDS: DRA Outbound Bytes Total/Sec | Total bytes sent per second. It is the sum of both uncompressed and compressed data. | If this counter does not have any activity, it indicates that the network could be slowing down replication. |
| NTDS: DRA Pending Replication Synchronizations | The replication backlog on the server. | The value should be low on a constant basis. High values show that the server is not capable of adequately integrating data received through replication. |
| NTDS: DS Threads In Use | Number of threads in use by AD DS. | If there is no activity, the network might be preventing client requests from being processed. |
| NTDS: LDAP Bind Time | Time required for completion of the last LDAP binding. | High values indicate either hardware or network performance problems. |
| NTDS: LDAP Client Sessions | Number of connected LDAP client sessions. | If there is no activity, the network might be causing problems. |
| NTDS: LDAP Searches/Sec | Number of LDAP searches per second. | If there is no activity, the network might be causing problems. |
| NTDS: LDAP Successful Binds/Sec | Number of successful LDAP binds per second. | If there is no activity, the network might be causing problems. |
| NTDS: LDAP Writes/Sec | Number of successful LDAP writes per second. | If there is no activity, the network might be causing problems. |
| Security System-Wide Statistics: Kerberos Authentications | Number of Kerberos authentications on the server per second. | If there is no activity, the network might be preventing authentication requests from being processed. |
| Security System-Wide Statistics: NTLM Authentication | Number of NTLM authentications on the server per second. | If there is no activity, the network might be preventing authentication requests from being processed. |
| DFS Replicated Folders: All Counters | Counters for staging and conflicting data. | If there is no activity, the network might be causing problems. |
| DFS Replication Connections: All Counters | Counters for incoming connections. | If there is no activity, the network might be causing problems. |
| DFS Replication Service Volumes: All Counters | Counters for update sequence number (USN) journal records and database processing on each volume. | If there is no activity, the processor might be causing problems. |
| DNS: All Counters | DNS Object Type handles the Windows NT DNS service on your system. | If there is no activity, the network might be causing problems, and clients might not be able to locate this DC. |
To add counters to Performance Monitor, simply click the plus
(+) sign on the toolbar at the top of the details pane. This
displays the Add Counters dialog box shown in Figure 5. Scroll through
the counters to identify which ones you need. In some cases, you
need subcounters under a specific heading (as shown in Table 2); in others,
you need the entire subset of counters. When you need a subcounter,
click the down arrow beside the heading, locate the subcounter, and
click Add. When you need the entire counter, click the counter and
click Add. This adds the counter with a star heading below it,
indicating that all subcounters have been added.
IMPORTANT: THE WINDOWS SERVER 2008 R2 INTERFACE
When using the classic interface in Windows Server 2008 R2,
subcounters are accessed by clicking plus signs. When using the
Desktop Experience feature in Windows Server 2008 R2, which
simulates the Windows 7 interface, subcounters are accessed
through down arrows.
To obtain information about a counter, click Show Description.
Then, when you click any counter or subcounter, a short description
appears at the bottom of the dialog box.
As soon as you are finished adding counters and you click OK,
Performance Monitor starts tracking them in real time. Each counter
you added is assigned a line of a specific color. To remove a
counter, click the counter, and then click the Delete button (X) on
the toolbar at the top of the details pane.
You can start and stop Performance Monitor much like a media
player, using the same type of buttons. When Performance Monitor
runs, it automatically overwrites data as it collects more;
therefore, it is more practical for real-time monitoring.
If you want to capture the counters you added into a custom
data set, right-click Performance Monitor and click New; then choose
New Data Collector Set. Follow the prompts to save your counter
selections so that you can reuse them later.
Creating Baselines for AD DS and DNS
For long-term system monitoring, you must create data
collector sets. These sets run automated collections at scheduled
times. When you first install a system, it is a good idea to create
a performance baseline for that system. Then as load increases on
the system, you can compare the current load with the baseline to
see what has changed. This helps you identify whether additional
resources are required for your systems to provide optimal
performance. For example, when working with DCs, it is a good idea
to log performance at peak and nonpeak times. Peak times would be
when users log on in the morning or after lunch, and nonpeak times
would be periods such as mid-morning or mid-afternoon. To create a
performance baseline, you need to take samples of
counter values for 30 to 45 minutes for at least a week during peak,
low, and normal operations. The general steps for creating a
baseline include:
- Identify resources to track.
- Capture data at specific times.
- Store the captured data for long-term access.
IMPORTANT: PERFORMANCE MONITORING AFFECTS PERFORMANCE
Taking performance snapshots also affects system
performance. The object with the worst impact on performance is
the logical disk object, especially if logical disk counters are
enabled. However, because this affects snapshots at any time, even
with major loads on the server, the baseline is still
valid.
You can create custom collector sets, but with Windows Server
2008 R2, use the default templates that are added when the server
role is installed. For example, to create a baseline for a DC,
simply create a user-defined data collector set that is based on the
Active Directory Diagnostics template and run it on a regular
basis.
Then, when you are ready to view the results of your
collection, you can rely on the Reports section of the Windows
Reliability And Performance node. Right-click the collector set for
which you want to view the report (either User Defined or System)
and click Latest Report. This generates the report if it isn’t
already available and provides extensive information on the status
of your DC. (See Figure 6.)
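Once a baseline exists, comparing it with a current capture can be scripted. The following PowerShell is an added example, not code from the original text: it applies the two readings used in Table 2 (a counter that falls silent, and a counter that climbs above its usual level) to NTDS counters from that table. The function names, the `Factor` threshold, the host name `dc01`, and all sample values are assumptions made for illustration.

```powershell
# Added example. NTDS counters from Table 2, as Get-Counter paths.
$AdDsCounters = @(
    '\NTDS\DRA Pending Replication Synchronizations',
    '\NTDS\DRA Inbound Object Updates Remaining in Packet',
    '\NTDS\LDAP Bind Time',
    '\NTDS\LDAP Searches/sec',
    '\NTDS\DS Threads in Use'
)

function Get-CounterStats {
    # Collapse samples (objects with Path and CookedValue) into average and peak.
    param([object[]]$Samples)
    $Samples | Group-Object Path | ForEach-Object {
        $m = $_.Group | Measure-Object CookedValue -Average -Maximum
        New-Object PSObject -Property @{
            Path = $_.Name; Average = $m.Average; Peak = $m.Maximum
        }
    }
}

function Compare-ToBaseline {
    param([object[]]$Baseline, [object[]]$Current, [double]$Factor = 2.0)
    $base = @{}
    Get-CounterStats $Baseline | ForEach-Object { $base[$_.Path] = $_ }
    Get-CounterStats $Current | ForEach-Object {
        $b = $base[$_.Path]
        if (-not $b) { $status = 'NoBaseline' }
        # Active in the baseline, silent now: the "no activity" reading in Table 2.
        elseif ($b.Average -gt 0 -and $_.Peak -eq 0) { $status = 'NoActivity' }
        # Current average above both the baseline peak and Factor x baseline average.
        elseif ($_.Average -gt [math]::Max($b.Peak, $b.Average * $Factor)) {
            $status = 'AboveBaseline'
        }
        else { $status = 'OK' }
        New-Object PSObject -Property @{
            Path = $_.Path; BaselineAvg = $b.Average
            CurrentAvg = $_.Average; Status = $status
        } | Select-Object Path, BaselineAvg, CurrentAvg, Status
    }
}

# Constructed samples in the shape Get-Counter returns (Path, CookedValue).
function New-Sample([string]$Path, [double[]]$Values) {
    $Values | ForEach-Object {
        New-Object PSObject -Property @{ Path = $Path; CookedValue = $_ }
    }
}
$baseline = @(New-Sample '\\dc01\ntds\ldap bind time' 4,5,6,5) +
            @(New-Sample '\\dc01\ntds\ldap searches/sec' 120,150,140) +
            @(New-Sample '\\dc01\ntds\dra pending replication synchronizations' 0,1,0,0)
$current  = @(New-Sample '\\dc01\ntds\ldap bind time' 20,25,30) +
            @(New-Sample '\\dc01\ntds\ldap searches/sec' 0,0,0) +
            @(New-Sample '\\dc01\ntds\dra pending replication synchronizations' 0,1,0)

Compare-ToBaseline -Baseline $baseline -Current $current | Format-Table -AutoSize

# Live capture on a DC (12 samples, 5 seconds apart):
# $current = Get-Counter -Counter $AdDsCounters -SampleInterval 5 -MaxSamples 12 |
#            ForEach-Object { $_.CounterSamples }
# From a saved collector log: Import-Counter -Path <log.blg> | ForEach-Object { $_.CounterSamples }
```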